ICT Pulse: Niel, thank you again for taking the time to share your insights with us. To start, give us a quick recap of what have been the most prevalent types of incidents in the Barbados and/or in the wider Caribbean region over the past year or so?
Niel Harper: Over the past year, there has been a substantive increase in ransomware attacks in Barbados and across the Caribbean. This is pretty much in line with the global trend, where we saw massive ransomware attacks such as NotPetya and WannaCry that impacted over 500,000 organizations and resulted in damages and losses in excess of USD$400 million. Barbados and the rest of the Caribbean were not spared from the wrath of these attacks.
ICTP: Has the threat landscape changed over the past year? Are there any particular areas of concern that you have for Caribbean organizations, or the region as a whole?
NH: Yes, most definitely the threat landscape has changed over the last year. Firstly, there has been a shift towards attacks on the underlying Internet infrastructure. Hence, Caribbean service providers need to implement protections in their networks to address core routing and DNS security, among others. Additionally, we are seeing hackers using social media platforms as an attack vector, and such attacks are routinely compromising mobile phones. Last but perhaps most significant, state-sponsored threat actors have become more and more active. We are seeing increasing attacks against critical infrastructure and supply chains. For example, cyberwar actors will seek to attack targets that result in maximum disruption, economic upheaval, and even public safety issues (e.g. airports, public transit, power grids, nuclear facilities, smart cities, etc.). There will be continued attacks targeting democratic processes such as electronic voting machines, online voter registration, party or politician websites, and other such platforms. Sadly, Caribbean (and global) enterprises will get caught up in state-led or state-sponsored attacks, and with far-reaching economic impacts.
ICTP: Over the past year, ransomware incidents still appeared to be occurring across the region. Are they still as huge a threat?
NH: As stated in my earlier comment, ransomware is most definitely still a threat, and there are a couple of reasons for this. For one, there are numerous techniques available to hackers for initiating ransomware attacks such as spam, phishing, rootkits on legitimate website, traffic redirection, and others. Ransomware also remains a lucrative business for hackers. There’s also no shortage of targets for ransomware attackers, specifically when you consider that many healthcare providers, government agencies and educational institutions simply don’t have the resources to adequately respond to cyber threats.
ICTP: Bitcoin (cryptocurrencies) and blockchain are concepts of which mass consumers are becoming increasingly aware. Are you excited or concerned about these technologies?
NH: I am both excited and concerned about blockchain and cryptocurrencies. Blockchain provides numerous options and possibilities for changing how we work, communicate and do business. As adoption of both technologies skyrockets across the globe and throughout the Caribbean, I expect that there will be a corresponding increase in attacks. More specifically, these attacks will be mostly focused on cryptocurrency marketplaces and end user applications such as crypto wallets and crypto trading apps. Early in 2018, Japanese crypto exchange Coincheck was hacked and lost USD$500 million in assets due to poor security mechanisms in their hot wallets. We’re also seeing crypto mining malware which essentially compromises PCs and laptops and uses their resources to mine cryptocurrencies. A consequence of these attacks will be increased regulation of cryptocurrencies by governments, and there is the potential for this to stifle innovation and the network benefits of blockchaintechnologies.
ICTP: Towards the end of 2017, we became aware of some new threats: Meltdown and Spectre, which seem to be shaking the computing and tech industry to its core. In layman’s terms, can you briefly give us a sense of what Meltdown and Spectre are about, what harm they do, and what steps (if any) we can take to better protect ourselves?
NH: Meltdown and Spectre exploit critical vulnerabilities in system processors. These hardware-based vulnerabilities allow programs to steal data that is being processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to obtain data stored in the memory of other running programs. Desktops, laptops, and cloud platforms are affected. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995. There are patches against Meltdown for Linux, Windows, and OS X. There is also work being done to harden software against future Spectre exploits, as well as to patch software after exploitation through Spectre. Details for these solutions can be found on most all the security-focused web sites.
ICTP: After all of what we have discussed so far, are there still new and emerging threats of which we should be more aware?
NH: Yes, I think everyone should be aware about threats associated with the Internet of Things (IoT), connected vehicles, weaponization of AI, and cyber-physical attacks. For example, AI can make spearphishing attacks cheaper, faster and more effective, and also help attackers to design malware that is more stealth and harder to discover using traditional endpoint protection tools. Another example is that researchers – and hackers – are uncovering more vulnerabilities in the onboard systems of older airplanes, trains, ships, and other transport modes that render them vulnerable. I expect to see more attacks involving ransomware that hijacks these vital systems and threatens chaotic results if owners don’t pay to regain control.
ICTP: Finally, what are the top three (3) things businesses should be doing this year, 2018, to improve theirICTP: network/IT security?
NH: One of the most important countermeasures against cyber threats is greater awareness. Governments need to engage various national stakeholder groups in developing awareness programs. Such programs should incorporate information on common attack techniques/vectors, recommendations on how to put better protection measures in place (including data protection), and best practices for improved online hygiene. Businesses are key stakeholders, and they should see themselves as playing an important role in building awareness both internally to their organizations and on the broader national scale.
All businesses need to to develop cybersecurity strategies, including in key areas such as risk assessment, vulnerability management, legal & regulatory compliance, and capacity building. They need to have the right people, process and technology in place to combat cyber threats. For SMEs who have challenges with resources, there are security companies like mine who are willing to work with them to develop flexible, cost-effective solutions for cybersecurity.
As it relates to improving users’ control of their data and increasing accountability for data handlers, it is likely that legislation will be needed because corporations have not yet proven to be good data stewards. Hence, legislative instruments like the EU’s General Data Protection Regulations (GDPR) are likely to be replicated across national jurisdictions. More specifically, the roles and responsibilities of those handling data should be clarified, penalties for misuse and abuse should be outlined, and mechanisms should be put in place to reward adequate data protection and implementation of security best practices. I would advise all Caribbean nations to look at implementing data protection legislation in the very near future.
The original interview can be found on the ICT Pulse website at: https://bit.ly/2JzAFce